Appendix A

HA Failover

StorNext is designed to be a resilient data management solution. StorNext supports operation in degraded mode and provides functionality to guarantee data protection in the event of a storage device failure or total site outage. For certain environments though, additional protection is required to deliver a higher level of availability. To meet these demands, StorNext includes MetaData Controller (MDC) failover.

MDC failover allows a secondary MDC to take over StorNext operations in the event a primary MDC fails. Failover is supported for all StorNext management operations including client IO requests (File System) and data mover operations (Storage Manager). MDCs in a failover pair typically run in an active / passive configuration, but both MDCs can be configured to run active File System processes. In the event one MDC fails, the other continues to perform its current operations, as well as those of the failed MDC.

Note: Active / Active Storage Manager processes are not currently supported in MDC failover.

Like all failover solutions, StorNext must provide functionality to prevent a damaged or inaccessible MDC from incorrectly processing IO requests that should be handled by the active MDC (often referred to as a “split brain” scenario). To handle this, StorNext utilizes a special failover methodology call STONITH - shoot the other node in the head. STONITH

StorNext User’s Guide

320

Page 342
Image 342
Quantum 6-01658-06, 3.1.3 manual HA Failover